STORAGE DEVICE FOR COMPUTER SYSTEM

The present invention relates to a method and apparatus for controlling access to and corruption of information in a computer system.

US 5,657,473 discloses a method and apparatus particularly concerned with the detection and containment of hostile programs such as "virus" programs within computer systems,
said method including dividing the information stored on the storage medium into a plurality of non-overlapping partitions, including a boot partition and a plurality of general partitions, each of the partitions being further divided into a plurality of sectors, any designated subset of the general partitions being active at any given time when the computer system is in use,
said invention employing a supervising means (a Supervisor) separate of the central processing unit (CPU) allowing/restricting/prohibiting read/write operations upon the storage medium depending on whether information to be read from a sector or written to a sector is in the boot partition, or in a general partition, and whether the partition is active or inactive, and
said supervising means also allowing a format operation only on a partition which is active and prohibiting a format operation on the boot partition, or on a general partition if it is inactive.

The described invention preferably uses a second processor which is made inaccessible to the user and to the virus, supervising all data transfers between and within sub-divisions of the device or devices placed under its control.



The Patent Application describes, as an example, an embodiment comprising a printed circuit board assembly containing a dedicated micro-controller, used in place of the hard disk controller within the computer system.

EP 0 800 135 A1 discloses a method and apparatus for controlling access to and modification of information stored on a storage medium forming part of a computer system,
said invention including by reference all aspects of the aforesaid invention of US 5,657,473,
said invention designating at least one partition a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite any resident information stored in a/the WMR partition by updated information, the updated information is written on the storage medium in a location other than where any resident information is stored and a pointer to the updated information is stored in a Sector Relocation Table (SRT) so that the updated information can be accessed, as required, during the remainder of a (user) session. An alternative method is also described wherein, if a write command is issued to overwrite any resident information stored in a/the WMR partition, prior to undertaking said write command said information is copied and stored elsewhere on the storage medium to be copied back to said WMR partition when required. This could be implemented, for example, by a system reset.

The application describes, as an example, an embodiment comprising a printed circuit board assembly (PCBA) containing a dedicated micro-controller placed in-line between the computer system hard disk drive controller (often embedded within the computer system motherboard) and the hard disk drive.



The method and apparatus in the aforementioned inventions propose the use of a second processor separate from the computer system central processing unit (CPU). Although the aforesaid inventions do not specifically limit their scope to combined hardware and firmware embodiments, both describe in detail embodiments which include a separate printed circuit board assembly, placed between the CPU and the storage medium. Such hardware embodiments have the following disadvantages:

Such hardware embodiments have an associated cost per unit, which results in a base cost for the invention which must be met irrespective of sales volume;

Such hardware embodiments must be installed within the computer system, generally requiring the computer system case to be removed;

Such hardware embodiments require safety and emission approvals and require a high level of testing to ensure compatibility across the wide spectrum of existing computer systems;

Such hardware embodiments are subject to a level of component failures.

It is the subject of the present invention to avoid or minimise one or more of the aforesaid disadvantages. This document discloses a method (and related apparatus) for incorporating the methods outlined in both US 5,657,473 and EP 0 800 135 A1 into the storage device itself.

Storage devices are frequently intelligent, containing their own processor module, this being a potential candidate to undertake the functions of a Supervisor as described within the aforesaid inventions. This intelligent module controls the transfer of information to and from the storage medium via the interface to the computer system. According to the present invention as defined herebelow, this intelligent module is used to allow/restrict/prohibit read/write operations upon the storage medium in a manner consistent with the aforesaid inventions.

According to a first aspect of the invention we provide a storage device for a host computer system, the storage device comprising: storage means for storing information; intelligent means for controlling the transfer of information to and from the storage means; and interfacing means for interfacing the storage device with the host computer system and via which information is transferred to and from the storage means under the control of said intelligent means,
the storage means comprising: a storage medium divided into a plurality of non-overlapping partitions; non-volatile read-only-memory (ROM) means for storing firmware for controlling operation of the storage device; and volatile random-access-memory (RAM) means;
wherein supervising means is incorporated in said storage means for operating said intelligent means so as to protect information stored in the storage medium.

The term "information" as used herein is intended to cover information, data and/or program code, any or all of which may be stored in the storage means.

The supervising means ("Supervisor") preferably protects the said information by controlling access to and modification thereof in accordance with pre-programmed protection criteria.

Incorporating the Supervisor within the storage device has the following advantages:

where an intelligent means is already present on the storage device, the methods outlined in the aforesaid inventions may be implemented with no hardware changes to the storage device;

physical installation of a separate PCBA containing the Supervisor is no longer required; Supervisor firmware may be included within the storage device during manufacture or may be added by means of a software utility;

since a separate PCBA is no longer required, manufacturing costs are significantly reduced by removing the requirement for additional hardware components and no additional safety or emission testing is required over and above that required for the storage device without Supervisor firmware;

by removing the requirement for additional circuitry external to the storage device, there is a reduction in the compatibility issues that may arise from the diversity of computer systems and storage device combinations which are possible.

A further advantage is that by incorporating the Supervisor in the storage device, rather than in additional hardware, this allows the Supervisor to be implemented in laptop, notebook and/or other small portable computers since there is no extra space required for such additional hardware.

In prior art systems in which the Supervisor was provided as additional hardware located between the storage device and the host CPU, one problem was that the computer system could potentially be tampered with so as to remove this additional hardware, in order to make the computer system operate as normal, without the Supervisor. A further advantage of the present invention is that by incorporating the Supervisor within the storage device, the Supervisor cannot be removed without removing and/or tampering with the storage device itself.

A further significant advantage of the present invention is that whereas in the prior art system the Supervisor hardware was located on the interface between the storage device and the host CPU, and therefore changes in this interface (e.g. an increase or change in data flows across the interface) required reconfiguration and/or adjustment of data handling by the Supervisor, in the present invention the Supervisor is independent of such interface changes by virtue of being incorporated in the storage device itself. Interface changes thus do not affect the Supervisor.
The storage device may be a hard disk drive. The storage medium may comprise one or more disk platters. The supervising means is preferably provided as firmware which is stored in said non-volatile ROM on the storage device. It will be appreciated that if an unauthorised user were to attempt to remove the Supervisor by removing the ROM, this will render the storage device inoperative.

The intelligent means preferably comprises a processor, often referred to as a micro-controller, which runs the Supervisor firmware stored in the ROM means. Hard disk drives are now available which incorporate a printed circuit board assembly (PCBA) including a micro-controller for running programs stored in memory means provided on the PCBA. In such drives, this processor means may conveniently function as the micro-controller for use in the present invention. The Supervisor firmware can be stored in non-volatile ROM provided on the PCBA.

Said non-overlapping partitions into which the storage medium is divided preferably include a boot partition and at least one general partition, each said partition being divided into a plurality of sectors. The storage medium may have a plurality of general partitions defined thereon, any designated subset of which are active at any given time, in use of the computer system.

Preferably, the supervising means operates said intelligent means so as to allow/restrict/prohibit read/write operations upon the storage medium depending upon whether information to be read from a sector or written to a sector is operating system information or user information, whether the sector is in the boot partition or in a general partition and, if the partition is a general partition, whether the partition is active or inactive. The supervising means may also allow a format operation only on a general partition which is active and prohibit a format operation on the boot partition or on a general partition which is inactive. The supervising means preferably also monitors commands passing through the interfacing means between the storage device and the host computer system and prevents predetermined potentially disruptive interface commands from being implemented. For example, the supervising means may prevent disruptive Vendor Unique Commands or Format Track commands from being carried out.
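The per-sector rules and the interface-command filter described above can be modelled as one small decision path, which is what drive firmware would actually execute on every request. The C code below is an added example and is not part of this application or of any drive it describes; the partition layout, the Permission Table contents, the opcode values, the read-only and WMR partition classes (taken from the later description of the preferred embodiment) and the policy that writes to the boot partition are refused are constructed assumptions of the model.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Partition classes named in the description: boot, general, read-only, WMR. */
enum part_kind { PART_BOOT, PART_GENERAL, PART_READONLY, PART_WMR };
enum op        { OP_READ, OP_WRITE, OP_FORMAT };
enum verdict   { DENY = 0, ALLOW = 1 };

/* One row of the Permission Table held in the drive's RAM. */
struct partition {
    const char    *name;
    enum part_kind kind;
    uint32_t       first_lba, last_lba;  /* inclusive; ranges do not overlap */
    bool           active;               /* chosen by the user at session start */
};

/* Constructed layout: only GEN_A was made active for this session. */
static struct partition perm_table[] = {
    { "BOOT",  PART_BOOT,     0,     1023,  true  },
    { "GEN_A", PART_GENERAL,  1024,  4095,  true  },
    { "GEN_B", PART_GENERAL,  4096,  8191,  false },
    { "RO",    PART_READONLY, 8192,  9215,  true  },
    { "WMR",   PART_WMR,      9216,  10239, true  },
};
#define NPARTS (sizeof perm_table / sizeof perm_table[0])
#define RESERVED_TRACK_LBA 20000u  /* constructed: Supervisor-only area beyond every partition */

static const struct partition *find_partition(uint32_t lba)
{
    for (size_t i = 0; i < NPARTS; i++)
        if (lba >= perm_table[i].first_lba && lba <= perm_table[i].last_lba)
            return &perm_table[i];
    return NULL;
}

/* Per-sector decision. From the description: a dormant general partition is
 * unreachable; format is allowed only on an active general partition and never
 * on the boot partition; read-only partitions refuse writes. Refusing writes to
 * the boot partition is an assumption of this model. An LBA outside every
 * partition (reserved tracks) is never reachable by the host. */
enum verdict supervise(enum op op, uint32_t lba)
{
    const struct partition *p = find_partition(lba);
    if (p == NULL)
        return DENY;
    switch (p->kind) {
    case PART_BOOT:     return op == OP_READ ? ALLOW : DENY;
    case PART_GENERAL:  return p->active ? ALLOW : DENY;   /* active: full read/write and format */
    case PART_READONLY: return op == OP_READ ? ALLOW : DENY;
    case PART_WMR:      return op == OP_FORMAT ? DENY : ALLOW;  /* writes are redirected, not refused */
    }
    return DENY;
}

/* Interface-level filter applied before any sector rule: whole command classes
 * the description names as disruptive are dropped. The opcode values are
 * constructed labels for this model, not a statement about a real command set. */
enum iface_cmd { CMD_READ_SECTORS = 0x20, CMD_WRITE_SECTORS = 0x30,
                 CMD_FORMAT_TRACK = 0x50, CMD_VENDOR_UNIQUE = 0xF0 };

enum verdict filter_interface_command(uint8_t opcode)
{
    switch (opcode) {
    case CMD_READ_SECTORS:
    case CMD_WRITE_SECTORS:
        return ALLOW;
    case CMD_FORMAT_TRACK:
    case CMD_VENDOR_UNIQUE:
        return DENY;
    default:
        return DENY;   /* fail closed: an unrecognised command is not passed through */
    }
}

/* Full request path: command class first, then the per-sector rule. */
enum verdict handle_request(uint8_t opcode, uint32_t lba)
{
    if (filter_interface_command(opcode) == DENY)
        return DENY;
    return supervise(opcode == CMD_WRITE_SECTORS ? OP_WRITE : OP_READ, lba);
}

int main(void)
{
    printf("write to active GEN_A   : %s\n", supervise(OP_WRITE, 2000) ? "allow" : "deny");
    printf("read from dormant GEN_B : %s\n", supervise(OP_READ, 5000) ? "allow" : "deny");
    printf("format BOOT             : %s\n", supervise(OP_FORMAT, 10) ? "allow" : "deny");
    printf("vendor unique command   : %s\n", handle_request(CMD_VENDOR_UNIQUE, 2000) ? "allow" : "deny");
    return 0;
}
```

The two layers are deliberately separate: the command filter decides on the opcode alone, so a Format Track or Vendor Unique command is refused before an LBA is even examined, and the sector rule then decides on the Permission Table entry the LBA falls in. Unknown opcodes default to deny.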

It will be appreciated that the supervising means preferably also ensures that firmware stored on the ROM means of the storage device, which includes the firmware providing the supervisor means, is also protected in that a user, or a user program operating in the host computer system, does not have access to the ROM means (or the RAM means) of the storage device itself and any firmware or other code stored therein is thus unalterable by the user or user program.

Optionally, the supervising means may cause a warning to be issued to the user should an attempt be made to perform a prohibited read, write or format operation.

At least one of said partitions of the storage device may comprise a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite (i.e. update) any information stored in the WMR partition the updated information is stored elsewhere on the storage medium, preferably in a dedicated area of the storage medium, and a pointer to the updated information is provided so the updated information can be accessed as required during the remainder of the session, wherein a system reset causes the list of pointers to the updated information, and optionally the updated information itself, to be cleared.

Where such a WMR partition is provided, the or each said WMR partition preferably has a Sector Relocation Table (SRT) associated therewith, stored in the volatile RAM means of the storage device; each entry in a said SRT is a pointer which defines the address of a range of sectors in the WMR partition that have been updated and an address where the updated information is located, this location being within a dedicated area on the storage medium which is accessed only by the supervisor means.

Alternatively, at least one of said partitions of the storage device comprises a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite (i.e. update) any information stored in a/the WMR partition, prior to undertaking said write command said information is copied and stored elsewhere on the storage medium to be copied back to said WMR partition when required. This could be implemented, for example, by a system reset.

Where the storage medium comprises at least one disk platter and a boot partition, said boot partition will include a disk boot sector. According to the present invention, the storage device may be provided with loader means and said supervising means may be adapted to intercept any request for the disk boot sector, issued by the host computer system in use thereof, and supply said loader means to satisfy the request. The loader means is preferably configured to load or transfer a predetermined code segment, which is stored on the storage means, to a central processing unit (CPU) of the host computer system to be executed by the computer system prior to (normal) operating system boot. This code segment may provide user prompts, and communication with the supervising means. The loader means is preferably provided in said non-volatile ROM of the storage device. Alternatively, said loader means may be provided in a reserved area on the storage medium, for example in one or more reserved tracks of a said disk platter of the storage device. This reserved area is preferably inaccessible to a user or user program (but is accessible to the Supervising means) whereby unauthorised alteration of the loader means is prevented.

The code segment may be provided in said non-volatile ROM means of the storage device or, preferably, in a reserved area of the storage medium which is also preferably inaccessible to a user or user program, but is accessible to the Supervising means, whereby unauthorised alteration of the code segment is prevented.

Optionally, the storage device may be placed in either "supervised" mode, in which the supervising means is active, or "unsupervised" mode in which the supervising means is not active. Said code segment, when executed, preferably provides user prompts which allow a user to select either "supervised" mode, or by entry of a password select "unsupervised" mode. The code segment is preferably constructed such that, subsequent to mode selection by the user, the code segment transfers and executes the boot program from the disk boot sector of the storage medium which, in turn, initiates operating system boot (in the host computer system). The correct password (for comparison against a password input by a user) may be stored in said non-volatile ROM of the storage device or on the storage medium itself.

According to a second aspect of the invention we provide a computer system incorporating a storage device according to the above-described first aspect of the invention.

According to a third aspect of the invention we provide a method of controlling access to and modification of information stored on a storage medium of a storage device for incorporation in a host computer system wherein the storage device comprises storage means for storing information, intelligent means for controlling the transfer of information to and from the storage means, and interfacing means for interfacing the storage device with the host computer system and via which information may be transferred to and from the storage means under the control of said intelligent means, and the storage means comprises: a storage medium; non-volatile read-only-memory (ROM) means for storing firmware for controlling operation of the storage device; and volatile random-access-memory (RAM) means;

the method comprising the steps of:

dividing the storage medium into a plurality of non-overlapping partitions including a boot partition and at least one general partition, and dividing each said partition into a plurality of sectors;

providing supervising means in said storage means for operating said intelligent means so as to protect information stored in the storage medium; and

incorporating the storage device in a host computer system, and running the host computer system with the supervising means operating said intelligent means so as to protect information stored in the storage medium.

Preferably said supervising means is provided for allowing/restricting/prohibiting read/write operations upon the storage medium depending upon whether information to be read from a sector or written to a sector is operating system information or user information, whether the sector is in the boot partition or in a general partition and, if the partition is a general partition, whether the partition is active or inactive,

said supervising means optionally also allowing a format operation only on a general partition which is active and prohibiting a format operation on the boot partition or on a general partition which is inactive,

said supervising means being adapted to intercept each interface request from the host computer system to said storage device,

and the supervising means, preferably, causing a warning to be issued to the user should an attempt be made to perform a prohibited read, write or format operation, which operation is prevented by the supervising means;

providing a loader means, said supervising means being adapted to supply said loader means in response to any request, issued by the host computer system, for the disk boot sector of the boot partition; and executing the loader means by the central processing unit (CPU) of the computer system in place of the requested disk boot sector, the loader sector transferring a code segment stored in the storage device, preferably in the storage medium thereof, into a RAM of the CPU for execution thereon, the code segment, when executed, initiating a user interface procedure, preferably in the form of user prompts, whereby a user may select one or more protection options; and whereupon, subsequent to a said selection having been made by the user, said code segment transfers the disk boot program stored in the disk boot sector as originally requested and, in turn, executes the disk boot program which then initiates operating system boot (in the host computer system).

Said selection of protection options preferably includes the option, by entering a predetermined password, of setting the storage device in "unsupervised mode" whereby interface requests are not intercepted by the supervising means. The selection may also include the option of setting the storage device in "supervised" mode and further selecting one or more active partitions and/or of designating at least one of said partitions a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite any resident information stored in a/the WMR partition by updated information, the updated information is written on the storage medium in a location other than where any resident information is stored and a pointer to the updated information is provided so that the updated information can be accessed, as required, during the remainder of a session.

The method may further include storing a Sector Relocation Table (SRT) which contains the pointers associated with each said WMR partition in the volatile RAM means of the storage device.

Alternatively, the method may include the option of designating at least one of said partitions a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite (i.e. update) any information stored in a/the WMR partition, prior to undertaking said write command said information is copied and stored elsewhere on the storage medium to be copied back to said WMR partition when required. This could be implemented, for example, by a system reset.

Preferred embodiments of the invention will now be described by way of example only, and with reference to the accompanying drawings in which:

Fig. 1 is a schematic diagram of a hard disk drive according to one embodiment of the invention;

Fig. 2 is a flow chart illustrating a modified operating boot sequence implemented in the hard disk drive of Fig. 1.

Fig. 1 shows a storage device in the form of a hard disk drive 1 for incorporating in a host computer system (not shown). The drive is of conventional form having one or more disk platters 2 mounted on a spindle motor drive mechanism on a printed circuit board assembly (PCBA) 3 having a ROM chip 4 containing firmware for controlling operation of the drive, and a RAM chip 5. The drive has an interface connector 6 which enables interfacing of the disk drive 1 to the host computer system, via which interface connector information, including user information, operating system information, data and other programs, is transferred to and from the disk platter(s) 2. The PCBA 3 has a micro-controller 7 provided thereon which runs the firmware contained in the ROM chip 4, accesses the RAM chip 5 and controls the transfer of information, data and/or programs to and from the disk platter(s) via the interface.

The firmware in the ROM includes "Supervisor" firmware for intercepting and validating each request to the hard disk (from the host computer system) in a manner previously described in US 5,657,473, the contents of which are therefore incorporated herein by reference. The operation of the disk drive beneficially also includes a method of controlling access to and modification of information stored on the disk platter(s) of the drive utilising a Write Many Recoverable (WMR) partition (or partitions) as previously disclosed in EP 0 800 135 A1, the content of which is also therefore incorporated herein by reference.

Thus, the supervising means (Supervisor) forms part of the hard drive itself, separate of a central processing unit (CPU) of the host computer system and inaccessible to the user, the supervising means controlling access to information stored on the disk platter(s).

According to the described embodiment, the disk drive operation provides a method giving the user the capability of selecting either an "unsupervised" or "unprotected" mode through entry of a password, or selecting a "supervised" or "protected" mode with further selection of one or more active partitions. To do this, a loader means in the form of a "loader sector" is provided in the form of executable code stored in the non-volatile ROM chip 4, the loader sector acting as a replacement for the disk boot sector of the active partition on the storage device, whereby each request (by the host computer system) for said disk boot sector is intercepted by the Supervisor and said loader sector is supplied to satisfy the request, the loader sector being executed by the CPU of the computer system in place of the requested disk boot sector, said loader sector transferring a code segment (stored on a reserved track therefor on the disk platter(s) and referred to in further detail below) into RAM of the CPU of the host computer system for execution thereby;
said code segment when executed, providing all required user prompts and communication with the Supervisor required for entry into either "protected" or "unprotected" mode, such that, subsequent to mode selection, said code segment executes the original disk boot sector program which then initiates the process of operating system boot. This modified operating system boot operation will now be explained in further detail with reference to Fig. 2 of the drawings which is a flow chart illustrating this operating system boot sequence.

In the normal operation of a computer system, upon switch on of the system (or a request to re-boot the system) the host system central processing unit (CPU) requests the disk boot sector from the boot partition of a disk platter of the hard drive. In the present invention, the Supervisor intercepts any request for the disk boot sector. Upon interception of the disk boot sector request, the Supervisor returns the loader means (namely the "loader sector") stored in the ROM chip 4 in place of the disk boot sector. The host system will be unaware of this change having been made and will execute the loader sector which, in turn, transfers a code segment, stored in the storage device, to a RAM in the host computer system. This code segment is stored in a track 8 on the disk platter (or one of the disk platters) which is reserved therefor. This track is accessible only to the Supervisor means, being a track which is outside the area of the disk platter accessible to the host operating system.

The code segment contains code, to be executed by the host system, which issues user prompts and which communicates with the Supervisor, in order to enable the user to set the system in the "protected" mode or "unprotected" mode, as will be described herebelow.

Once the code segment has been transferred to the RAM of the host computer system it is executed thereby so as to, firstly, establish communication with the Supervisor, and then provide a user display screen (known as the HARDWALL banner - HARDWALL is a registered trade mark of Vircon Limited) which permits the user to select a desired protection mode, namely either "protected" or "unprotected". If the user selects the "protected" mode the code segment then requests a list of dormant partitions from the Supervisor and displays them on the screen of the computer system and prompts the user to select one or more partitions from the list. Once the user has selected one or more partitions the code segment informs the Supervisor of this choice. Prior to selecting a partition or partitions, which then become active, the system will previously have been configured in terms of partitions and a level of protection associated with them. These may be established by means of a software utility. In general, there are three types of partition, namely general partitions, read-only partitions and WMR partitions. Typically, a read-only partition and a WMR partition are always available. At the start of a session, when a general partition (or partitions) is selected and made active it is granted full read/write access. The remaining general partitions then become dormant whereby the Supervisor prevents their contents being accessed and hence protects them during that particular user session (which lasts until switch-off or re-boot of the computer system). Read-only partitions are granted read access only, all write commands being prohibited by the Supervisor. The function and features of the Supervisor are disclosed and described in detail in US 5,657,473 (incorporated herein by reference) and will therefore not be repeated here.

In the preferred embodiment, at the stage of the process where the user selects one or more active partitions, the executed code segment will make available to the user one or more partitions designated as Write-Many-Recoverable (WMR) partitions. If a write command is issued by the host system (e.g. by a user program) to overwrite any resident information stored in that WMR partition, the updated information is stored elsewhere on the disk platter(s) in a dedicated area thereof, and a pointer to the updated information is kept (in the RAM chip 5 of the drive) so the updated information can be accessed as required during the remainder of the session, and wherein a system reset causes the list of pointers to the updated information, and optionally also the updated information itself, to be cleared. Each WMR partition has a Sector Relocation Table (SRT) associated with it containing the pointers which define the address of a range of sectors in the WMR partition which have been updated and an address where the updated information is located. This updated information is located in a dedicated area of the disk platter(s) which is accessible only to, and is protected by, the Supervisor. This may be achieved by the dedicated area being disposed in an area of the disk platter(s) to which any access by the host system is denied by the Supervisor, the dedicated area in this manner being effectively "hidden" from the host system. Alternatively, the dedicated area could be disposed outside the physical area (namely tracks) of the disk platter(s) which is accessible to the host operating system, in an area which is accessible only to the Supervisor. The SRT table(s) are stored in the RAM chip 5 of the disk drive 1. The details and implementation of the WMR technique are disclosed and described in detail in EP 0 800 135 A1, previously referred to and incorporated herein by reference, and are therefore not described in any further detail herein. It will be appreciated that the WMR facility enables a user to write to the designated WMR partition(s) during a session on the computer system, but each time the computer system is re-booted all changes are erased so as to leave each WMR partition in its original state. Typically, the boot partition will be chosen by the user to be designated a WMR partition.

In an alternative WMR technique, also described in EP 0 800 135 A1, if a partition is designated as WMR, in use, if a write command is issued to overwrite (i.e. update) any information stored in a/the WMR partition, prior to undertaking said write command said information is copied and stored elsewhere on the storage medium to be copied back to said WMR partition when required. This could be implemented, for example, by a system reset. For the avoidance of doubt, the use of this alternative WMR method is also intended to be within the scope of the present invention.

The RAM chip 5 is also used to store information regarding the
protection state attributed to each partition in the drive at
any given time, for example which partitions are active and
which are inactive, which are WMR partitions, which are
read/write accessible, which are read-only, etc. This
information, which can be referred to as a Permission Table,
is also stored in the RAM chip 5 of the disk drive 1.

Once the active partition(s) have been selected, and any WMR
partitions, the code segment transfers the original disk boot
sector stored in the disk drive to the host computer system
RAM for execution thereby, the executed disk boot sector
initiating operating system boot in the host system.

If, at the stage where the user is prompted to select
"protected" or "unprotected" mode (i.e. "supervised" or
"unsupervised"), the user selects "unprotected", the code
segment prompts the user to enter a password. The password
entered by the user is then transferred to the Supervisor
firmware for validation thereby (by matching it against a

limited number of retries is permitted if the user enters an 
incorrect password. Once a correct password has been entered
and validated, the code segment provides the user with the
option of requesting to change the password. If such a request
is made, the code segment prompts for a new password to be
entered twice, the two entered passwords then being
transferred to the Supervisor firmware for comparison and
storage (in the ROM chip 4 of the drive). The Supervisor then
enters the "unprotected" or "unsupervised" mode and the code
segment proceeds to transfer the original disk boot sector to
the host system RAM for execution thereby in order to initiate
operating system boot in the host system.

A more detailed description of the above-described embodiment 
is not given herein, as this would be within the normal 
understanding of a person skilled in the art. 
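To make the Supervisor's request path described above concrete, here is a small Python model of it: a Permission Table gating reads and writes by partition state, writes to a WMR partition redirected into the hidden area and recorded in a Sector Relocation Table that a reset clears, and the host's request for the boot sector answered with the loader. This is an added illustration, not code from the patent or from any Hardwall product; the Partition and Supervisor classes, the one-slot-per-sector SRT entries, the toy sector size and the LOADER bytes are constructed assumptions.

```python
from dataclasses import dataclass
SECTOR = 8             # constructed toy sector size in bytes
LOADER = b"LOADER!!"   # constructed stand-in for the loader means
@dataclass
class Partition:
    name: str
    first: int             # first LBA, inclusive
    last: int              # last LBA, inclusive
    active: bool = True
    wmr: bool = False      # Write Many Recoverable
    read_only: bool = False

class Supervisor:
    """Toy model of the Supervisor firmware in front of the drive's sectors."""
    def __init__(self, partitions, host_sectors, hidden_sectors):
        self.parts = partitions                     # Permission Table (held in RAM)
        self.disk = [bytes(SECTOR)] * host_sectors  # host-visible sectors
        self.hidden = [None] * hidden_sectors       # dedicated, Supervisor-only area
        self.srt = {}           # Sector Relocation Table: LBA -> slot in hidden area
        self.supervised = True  # False after the password-gated "unprotected" choice
        self.boot_served = False

    def _part(self, lba):
        for p in self.parts:
            if p.first <= lba <= p.last:
                return p
        raise ValueError(f"LBA {lba} is outside every partition")

    def read(self, lba):
        p = self._part(lba)
        if not self.supervised:
            return self.disk[lba]
        # Boot-sector interception: the host's first request for the boot sector
        # is answered with the loader; the original is released via boot_sector().
        if p.name == "boot" and lba == p.first and not self.boot_served:
            self.boot_served = True
            return LOADER
        if not p.active:
            raise PermissionError(f"read from inactive partition {p.name} refused")
        if p.wmr and lba in self.srt:       # updated copy lives in the hidden area
            return self.hidden[self.srt[lba]]
        return self.disk[lba]

    def write(self, lba, data):
        p = self._part(lba)
        if not self.supervised:
            self.disk[lba] = data
            return
        if not p.active or p.read_only:
            raise PermissionError(f"write to {p.name} refused")
        if p.wmr:
            slot = self.srt.get(lba)
            if slot is None:                # one slot per sector (the SRT proper uses ranges)
                slot = len(self.srt)        # next free slot; entries only vanish on reset
                if slot >= len(self.hidden):
                    raise OSError("dedicated area exhausted")
                self.srt[lba] = slot
            self.hidden[slot] = data        # the original sector is never touched
        else:
            self.disk[lba] = data

    def boot_sector(self):
        """Original boot sector, handed to the code segment after mode selection."""
        return self.disk[next(p for p in self.parts if p.name == "boot").first]

    def reset(self):
        """System reset clears the RAM-held SRT, so every WMR partition reverts."""
        self.srt.clear()
        self.boot_served = False
```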


The embodiment of the present invention includes no physical
electronic components that are not present in many
commercially available hard disk drives. The invention
requires only the following features in the disk drive in
order to implement the invention thereon:

memory locations within the Read Only Memory (ROM) chip 4 to
contain the firmware code to implement Supervisor
functionality (the Supervisor firmware);

integration of the Supervisor firmware into the existing
control firmware of the hard disk drive, ensuring that no
interface request is serviced before the Supervisor firmware
has checked and validated the request;

memory locations within the embedded Random Access Memory
(RAM) 5 of the hard disk drive to store the SRT and Permission
Table which are created and maintained during each session on
the computer system;

memory locations within the ROM for the storage of the
password for use in selecting supervised or unsupervised mode;

memory locations within the ROM 4 for the storage of the
loader sector;

sectors on the hard disk drive itself for storage of the code
segment which is required to be passed to the computer system
and executed during the initial power up and configuration
process, said sectors being within one or more reserved tracks
on the disk surface which are inaccessible to the host
computer system (and any user programs running therein) and
accessible only to the Supervisor.

It should be noted that the Supervisor firmware is configured
to prohibit any access to itself, or alteration to itself, by
user commands (issued by a user or user program) which attempt
to read, corrupt or modify the Supervisor firmware.

It will be appreciated that, as an alternative to providing
the invention in the drive at manufacture thereof, where a
hard drive having the necessary features outlined immediately
above is provided, the invention could be implemented by
loading the Supervisor firmware into the disk drive by means
of a software utility program in order to obtain a disk drive
which operates in accordance with the present invention.

Although the Supervisor firmware will preferably be loaded
into the ROM of the drive, it is envisaged that some or all of
the Supervisor firmware could be written onto the disk
platter(s). In this latter case, any of the Supervisor
firmware which is stored on the disk platter(s) will be
protected by the Supervisor itself so that a user or user
program cannot gain read or write access thereto.

The embodiments of the present invention hereinbefore
described are given by way of example only, and it will be
appreciated that various modifications thereto will be
possible without departing from the scope of the invention. In
particular, the invention is applicable not only to storage
devices in the form of hard disk drives, but also to other
types of storage device. For example, the Supervisor firmware
could be incorporated in a solid state storage device, such as
a FLASH memory card. Also, the Supervisor firmware could be
stored on an optical storage medium, such as a compact disc
(CD) or digital video disk (DVD), for use in an optical
storage device, e.g. CD or DVD drive. Equally, some or all of
the Supervisor firmware could be stored in the ROM of a CD or
DVD drive.



CLAIMS



1. A storage device (1) for a host computer system, the
storage device comprising: storage means (2, 4, 5) for storing
information; intelligent means (7) for controlling the
transfer of information to and from the storage means; and
interfacing means (6) for interfacing the storage device with
the host computer system and via which information is
transferred to and from the storage means under the control of
said intelligent means,

the storage means comprising: a storage medium (2) divided
into a plurality of non-overlapping partitions including a
boot partition and at least one general partition, each said
partition being divided into a plurality of sectors, the boot
partition including a boot sector containing code for use by
the host computer system to perform operating system boot of
the host computer system; non-volatile read-only-memory (ROM)
means (4) for storing firmware for controlling operation of
the storage device; and volatile random-access-memory (RAM)
means (5);

wherein supervising means is incorporated in said storage
means for operating said intelligent means so as to protect
information stored in the storage medium (2), said supervising
means being incorporated at least partly as firmware which is
stored in said non-volatile ROM means (4), and wherein the
storage device further includes:

a host executable code segment, stored in said storage means,
for allowing user control of the supervising means via the
host computer system and for controlling initiation of
operating system boot in the host computer system; and

loader means stored in the storage means and comprising host
executable code for loading said code segment to the host
computer system and causing the host computer system to
execute the loaded code segment;

and wherein said supervising firmware stored in the ROM means
(4) is adapted to intercept any request for said boot sector,
issued by the host computer system in use thereof, and to
supply said loader means to the host computer system to
satisfy the request.

2. A storage device according to claim 1, wherein the
supervising means is provided wholly as firmware which is
stored in said non-volatile ROM means (4) on the storage
device (1).



3. A storage device according to claim 1 or claim 2, wherein
the intelligent means comprises a micro-controller (7) which
runs the supervising firmware stored in the ROM means (4).

4. A storage device according to any preceding claim, wherein
the supervising means operates said intelligent means (7) so
as to allow/restrict/prohibit read/write operations upon the
storage medium (2) depending upon whether information to be
read from a sector or written to a sector is operating system
information or user information, whether the sector is in the
boot partition or in a general partition, and whether, if the
partition is a general partition, the partition is active or
inactive.

5. A storage device according to claim 4, wherein the
supervising means also ensures that firmware stored on the ROM
means (4) of the storage device (1), which includes the
supervisor firmware, is also protected in that a user, or a
user program operating in the host computer system, does not
have access to the ROM means (4) of the storage device itself.


6. A storage device according to any preceding claim, wherein
the supervising means is configured so as to cause a warning
to be issued to the user should an attempt be made to perform
a prohibited read, write or format operation.

7. A storage device according to any preceding claim, wherein
at least one of said partitions of the storage device (1)
comprises a Write Many Recoverable (WMR) partition wherein, in
use, if a write command is issued to overwrite any information
stored in the WMR partition the updated information is stored
elsewhere on the storage medium (2), and a pointer to the
updated information is provided so the updated information can
be accessed as required during the remainder of the session,
and wherein a system reset causes the pointer to the updated
information to be cleared.

8. A storage device according to claim 7, wherein the or each
said WMR partition has a Sector Relocation Table (SRT)
associated therewith which is held in said volatile RAM means
(5) of the storage device (1), and each entry in a said SRT is
a pointer which defines the address of a range of sectors in
the WMR partition that have been updated and an address where
the updated information is located, this location being within
a dedicated area on the storage medium (2) which is accessed
only by the supervisor means.

9. A storage device according to any of claims 1 to 6, wherein
at least one of said partitions of the storage device (1)
comprises a Write Many Recoverable (WMR) partition wherein, in
use, if a write command is issued to overwrite any information
stored in said at least one WMR partition, prior to
undertaking said write command said information is copied and
stored elsewhere on the storage medium (2) to be copied back
to said WMR partition when required.


10. A storage device according to any preceding claim, wherein
the loader means is configured to load said code segment to a
central processing unit (CPU) of the host computer system for
execution by the host computer system prior to operating
system boot.
11. A storage device according to claim 10, wherein the loader
means is provided in said non-volatile ROM means (4) of the
storage device (1).



12. A storage device according to claim 10, wherein said
loader means is provided in a reserved area on the storage
medium (2), which reserved area is inaccessible to a user or
user program.



13. A storage device according to any of claims 10 to 12,
wherein the code segment is provided in said non-volatile ROM
means (4) of the storage device.

14. A storage device according to any of claims 12 to 14,
wherein the code segment is provided in a reserved area of the
storage medium (2) which is inaccessible to a user or user
program, but is accessible to the supervising means, whereby
unauthorised alteration of the code segment is prevented.

15. A storage device according to any preceding claim, wherein
said host executable code segment comprises code for enabling
the storage device to be set in either "supervised" mode, in
which the supervising means is active, or "unsupervised" mode
in which the supervising means is not active.


16. A storage device according to claim 15, wherein said code
segment, when executed, provides user prompts which allow a
user to select said "supervised" mode, or by entry of a
password select said "unsupervised" mode, and the code segment
is constructed such that, subsequent to mode selection by the
user, the code segment transfers a boot program from the boot
sector of the storage medium (2) and causes the host computer
system to execute said boot program so as to initiate
operating system boot in the host computer system.

17. A storage device according to claim 10, wherein said
storage device is a hard disk drive and the storage medium
comprises at least one disk platter (2), and said loader means
is provided in at least one reserved track of said at least
one disk platter (2).

18. A storage device according to any of claims 1 to 16,
wherein the storage device is a hard disk drive (1).

19. A storage device according to claim 18, wherein the
storage medium comprises at least one disk platter (2).

20. A storage device according to any of claims 1 to 16, 
wherein the storage device is a solid state storage device. 



21. A storage device according to any of claims 1 to 15,
wherein the storage device is an optical storage device.

22. A computer system incorporating a storage device (1)
according to any of claims 1 to 21.

23. A method of controlling access to and modification of
information stored on a storage medium (2) of a storage device
(1) for incorporation in a host computer system wherein the
storage device comprises storage means (2, 4, 5) for storing
information, intelligent means (7) for controlling the
transfer of information to and from the storage means, and
interfacing means (6) for interfacing the storage device (1)
with the host computer system and via which information may be
transferred to and from the storage means under the control of
said intelligent means, and the storage means comprises: a
storage medium (2); non-volatile read-only-memory (ROM) means
(4) for storing firmware for controlling operation of the
storage device; and volatile random-access-memory (RAM) means
(5);

the method comprising the steps of:
dividing the storage medium (2) into a plurality of
non-overlapping partitions including a boot partition and at
least one general partition, and dividing each said partition
into a plurality of sectors, the boot partition including a
boot sector containing code for use by the host computer
system to perform operating system boot of the host computer
system;

providing supervising means in said storage means for
operating said intelligent means (7) so as to protect
information stored in the storage medium (2), said supervising
means being incorporated at least partly as firmware which is
stored in said non-volatile ROM means (4);

storing in said storage means a host executable code segment
for allowing user control of the supervising means via the
host computer system and for controlling initiation of
operating system boot in the host computer system;

storing in the storage means loader means comprising host
executable code for loading said code segment to the host
computer system and causing the host computer system to
execute the loaded code segment;

said supervising firmware stored in the ROM means (4) being
adapted to intercept any request for said boot sector, issued
by the host computer system, and to supply said loader means
in response to the request; and incorporating the storage
device in a host computer system, and running the host
computer system with the supervising means operating said
intelligent means so as to protect information stored in the
storage medium.

24. A method according to claim 23, wherein said supervising
means is provided for allowing/restricting/prohibiting
read/write operations upon the storage medium (2) depending
upon whether information to be read from a sector or written
to a sector is operating system information or user
information, whether the sector is in the boot partition or in
a general partition, and whether, if the partition is a
general partition, the partition is active or inactive,
said supervising means being adapted to intercept each
interface request from the host computer system to said
storage device (1);

and the loader means loads said code segment to a RAM of a
central processing unit (CPU) of the host computer system for
execution by the host computer system prior to operating
system boot,

and the code segment, when executed, initiates a user
interface procedure whereby a user may select a protection
option from a selection of protection options;

and whereupon, subsequent to a said selection having been made
by the user, said code segment transfers a boot program from
the boot sector of the storage medium (2) and causes the host
computer system to execute said boot program so as to initiate
operating system boot in the host computer system.

25. A method according to claim 24, wherein said selection of
protection options includes the option, by entering a
predetermined password, of setting the storage device in
"unsupervised" mode whereby interface requests are not
intercepted by the supervising means.

26. A method according to claim 25, wherein the selection also
includes the option of setting the storage device (1) in
"supervised" mode and designating at least one of said
partitions a Write Many Recoverable (WMR) partition wherein,
in use, if a write command is issued to overwrite any resident
information stored in said at least one WMR partition by
updated information, the updated information is written on the
storage medium (2) in a location other than where any resident
information is stored and a pointer to the updated information
is provided so that the updated information can be accessed as
required during the remainder of a session.



27. A method according to claim 26, further including storing
a Sector Relocation Table (SRT) which contains the pointers
associated with each said WMR partition in the volatile RAM
means (5) of the storage device (1).

28. A method according to claim 25, further including the
option of setting the storage device (1) in "supervised" mode
and designating at least one of said partitions a Write Many
Recoverable (WMR) partition wherein, in use, if a write
command is issued to overwrite any information stored in said
at least one WMR partition, prior to undertaking said write
command said information is copied and stored elsewhere on the
storage medium (2) to be copied back to said WMR partition
when required.
Fig. 2 (flowchart of the start-up sequence):

Computer system requests disk boot sector from boot partition
to execute.

Supervisor Firmware intercepts request and returns Loader
means in place of disk boot sector (computer system unaware of
the change).

Computer system executes Loader means.

Loader means transfers Code Segment from Storage Device into
Computer System RAM and executes this segment.

Code Segment executes, establishes communication with the
Supervisor Firmware and then displays the Hardwall banner
screen, offering the choice of Protected or Unprotected mode.

If Unprotected is selected:

  Code Segment prompts for password, transferring the password
  to the Supervisor Firmware for validation, a retry permitted
  if incorrectly entered.

  Option to change password. If user requests change, the Code
  Segment prompts for a new password to be entered twice, the
  passwords being transferred to the Supervisor Firmware for
  comparison and storage.

  Supervisor Firmware enters UNPROTECTED MODE.

If Protected is selected:

  Code Segment requests a list of dormant partitions from the
  Supervisor Firmware and displays them on computer system
  screen.

  User selects partition from list.

  Code Segment informs Supervisor Firmware of choice.

  Supervisor Firmware enters PROTECTED MODE.

Original disk boot sector transferred from storage within the
Storage device to computer system RAM and executed by the Code
Segment.

Disk Boot Sector initiates Operating System Boot.